By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Specifically, the problem occurs when Internet Explorer handles the following html tags:

img

script

embed

object

param

style

bgsound

body

input

If these tags are preceded by the file protocol specification, a remote attacker can access arbitrary local files on a victim's system.

Late Tuesday, a Microsoft spokeswoman confirmed that the software giant is also aware of the problem.

"Microsoft has completed its investigation of new public reports of a possible vulnerability in Internet Explorer [and] has confirmed that this behavior could allow for information disclosure when a user visits a Web site," she said in an email exchange.

However, she added, "An attacker could not receive files from an affected system, but would only be able to detect the presence of files. In addition, the attacker must know the location of the file in advance."

To mitigate the risk, Symantec recommended users run all software and the Web client as a non-privileged user with minimal access rights and avoid links provided by unknown or untrusted sources. Users should also refrain from visiting sites of questionable integrity, Symantec said.

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy